bsm-rails-api 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/bsm/rails_api/authorization.rb +67 -0
- data/lib/bsm/rails_api.rb +10 -0
- data/lib/bsm-rails-api.rb +1 -0
- metadata +122 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 8a942ceff62e17de023a3e4fd5ef334080410bdb
|
|
4
|
+
data.tar.gz: 79d9c3f85caa0102c788faad1f3ef13919b1f052
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 1559658a1ff562820e1d35137543bfaeb4ca9766c5a643300db783b426db50bb2c6eccca4b07eeffb5747e027076a7d6a1ccb88d902430a76f1bce4995c880bc
|
|
7
|
+
data.tar.gz: b4208dce344117e471e9717c849023804292891ca284597a006e71ab8b6b2af38607e695adb94944fedf6372ad85826faa53c028a5a0b5e8c4486cd7a3c13d38
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
require 'active_support/concern'
|
|
2
|
+
|
|
3
|
+
module BSM::RailsAPI::Authorization
|
|
4
|
+
extend ActiveSupport::Concern
|
|
5
|
+
|
|
6
|
+
class NotSecure < StandardError
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
included do
|
|
10
|
+
after_filter :ensure_permit_access_authorized!
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
class_methods do
|
|
14
|
+
|
|
15
|
+
# Manage access permissions.
|
|
16
|
+
# Assumptions:
|
|
17
|
+
#
|
|
18
|
+
# * users are already authenticated
|
|
19
|
+
# * controller has a method called current_user which returns a user record
|
|
20
|
+
# * the user has a `#kind` method which returns a string, e.g. 'employee' or 'client'
|
|
21
|
+
# * the user has a `#roles` method which returns an array of strings, e.g. ['app:some:role', 'app:other:role']
|
|
22
|
+
#
|
|
23
|
+
# Example:
|
|
24
|
+
#
|
|
25
|
+
# permit_access :read, employee: :all, client: ["app:custom:role"]
|
|
26
|
+
# permit_access :manage, :destroy, employee: ["app:admin"]
|
|
27
|
+
#
|
|
28
|
+
def permit_access(*actions)
|
|
29
|
+
opts = actions.extract_options!
|
|
30
|
+
acts = actions.map do |name|
|
|
31
|
+
case name
|
|
32
|
+
when :read then [:index, :show]
|
|
33
|
+
when :manage then [:create, :update]
|
|
34
|
+
else name.to_sym
|
|
35
|
+
end
|
|
36
|
+
end.flatten.uniq
|
|
37
|
+
|
|
38
|
+
before_action only: acts do |ctrl|
|
|
39
|
+
user = ctrl.send(:current_user)
|
|
40
|
+
ctrl.send :unauthorized! unless user
|
|
41
|
+
|
|
42
|
+
reqs = opts[user.kind.to_sym]
|
|
43
|
+
ctrl.send :unauthorized! if reqs != :all && (Array.wrap(reqs) & user.roles).empty?
|
|
44
|
+
ctrl.send :instance_variable_set, :@_bsm_rails_api_authorized, true
|
|
45
|
+
end unless acts.empty?
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
protected
|
|
51
|
+
|
|
52
|
+
# Render a 403
|
|
53
|
+
def unauthorized!
|
|
54
|
+
render text: "Unauthorized", status: 403
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
private
|
|
58
|
+
|
|
59
|
+
# Callback to ensure we have actually granted the user permission
|
|
60
|
+
# to access a resource via permit_access
|
|
61
|
+
def ensure_permit_access_authorized!
|
|
62
|
+
unless @_bsm_rails_api_authorized
|
|
63
|
+
raise NotSecure, "This action failed because permit_access filters were not run. Add permit_access to secure this endpoint."
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
end
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'bsm/rails_api'
|
metadata
ADDED
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: bsm-rails-api
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.2.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Dimitrij Denissenko
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-04-27 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: railties
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 4.2.0
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: 5.0.0
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 4.2.0
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: 5.0.0
|
|
33
|
+
- !ruby/object:Gem::Dependency
|
|
34
|
+
name: actionpack
|
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
type: :runtime
|
|
41
|
+
prerelease: false
|
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - ">="
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '0'
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: activesupport
|
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - ">="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '0'
|
|
54
|
+
type: :runtime
|
|
55
|
+
prerelease: false
|
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '0'
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
name: rake
|
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '0'
|
|
68
|
+
type: :development
|
|
69
|
+
prerelease: false
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '0'
|
|
75
|
+
- !ruby/object:Gem::Dependency
|
|
76
|
+
name: rspec
|
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - ">="
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: '0'
|
|
82
|
+
type: :development
|
|
83
|
+
prerelease: false
|
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
85
|
+
requirements:
|
|
86
|
+
- - ">="
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
version: '0'
|
|
89
|
+
description: ''
|
|
90
|
+
email: dimitrij@blacksqaremedia.com
|
|
91
|
+
executables: []
|
|
92
|
+
extensions: []
|
|
93
|
+
extra_rdoc_files: []
|
|
94
|
+
files:
|
|
95
|
+
- lib/bsm-rails-api.rb
|
|
96
|
+
- lib/bsm/rails_api.rb
|
|
97
|
+
- lib/bsm/rails_api/authorization.rb
|
|
98
|
+
homepage: https://github.com/bsm/rails-api
|
|
99
|
+
licenses:
|
|
100
|
+
- MIT
|
|
101
|
+
metadata: {}
|
|
102
|
+
post_install_message:
|
|
103
|
+
rdoc_options: []
|
|
104
|
+
require_paths:
|
|
105
|
+
- lib
|
|
106
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: 2.0.0
|
|
111
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
112
|
+
requirements:
|
|
113
|
+
- - ">="
|
|
114
|
+
- !ruby/object:Gem::Version
|
|
115
|
+
version: 1.8.0
|
|
116
|
+
requirements: []
|
|
117
|
+
rubyforge_project:
|
|
118
|
+
rubygems_version: 2.4.6
|
|
119
|
+
signing_key:
|
|
120
|
+
specification_version: 4
|
|
121
|
+
summary: BSM's Rails API helpers
|
|
122
|
+
test_files: []
|